What is claimed is:

1. A communication network, comprising:

(A) local communication links,

(B) a plurality of separately located central office switching systems interconnected via
trunk circuits for selectively providing switched call connections between at least two of
the local communication links in response to predetermined control data messages,

(C) a signaling communication system for two-way communications of said control data
messages between at least said central office switching systems, said signaling
communication system interconnecting the central office switching systems;

(D) a signaling gateway, separate from the central office switching systems and connected
to said signaling communications system, said signaling gateway including an interface
connected to a remote communications network and configured to exchange said control data
messages between said remote communication network and said signaling communication
system, and

(E) a signaling system security monitor, separate from the central office switching
systems, said signaling system security monitor including a plurality of message templates
corresponding to approved ones of said control data messages.

2. The communications network according to claim 1 wherein said plurality of message
templates are associated with a plurality of service providers.

3. The communications network according to claim 2 wherein said signaling system
security monitor associates each of said control data messages with a corresponding one
of said service providers and selects one of said message templates in response to the
corresponding one of said service providers.

4. The communications network according to claim 1 wherein said signaling system
security monitor includes a memory storing sets of templates, each of said sets
corresponding to control messages appropriate to particular call progress or transaction
flow.

5. The communications network according to claim 4 wherein said templates define
message formats, parameters and values associated with control message types selected
from MTP, SCCP, ISUP, TCAP and AIN type messages.

6. The communications network according to claim 4 wherein said signaling system
security monitor is configured to select said sets of templates in response to service
provider authorization data associated with respective ones of said control data messages.

7. The communications network according to claim 1 wherein said signaling system
security monitor is configured to selectively communicate said control data messages
between said signaling gateway and said signaling communication system in response
to said control messages satisfying criteria specified by corresponding ones of said
templates.

8. The communications network according to claim 1 wherein said signaling system
security monitor is configured to selectively enable and inhibit said signaling gateway
from exchanging said control data messages between said remote communication
network and said signaling communication system.

9. The communications network according to claim 1 wherein said signaling system
security monitor includes a memory storing states of respective ones of said central office
switching systems, said signaling system security monitor responsive to said states for
selecting ones of said templates.

10. The communications network according to claim 1 wherein said signaling gateway
further comprises a signal protocol converter configured to convert SS7 type messages
to another packet data format.

11. The communications network according to claim 10 wherein the other packet data
format is an Internet Protocol (IP) format.

12. The communications network according to claim 1 wherein said signaling system
security monitor is configured to monitor information contained in an MTP Layer 3
portion of said control data messages.

13. The communications network according to claim 12 wherein said information
contained in said MTP Layer 3 portion of said control data messages includes (i) a
destination point code, (ii) an originating point code, and (iii) a service indicator octet.

14. The communications network according to claim 12 wherein said signaling system
security monitor is configured to monitor at least one of MTP, SCCP, ISUP, TCAP, and
AIN messages.

15. The communications network according to claim 12 wherein said signaling system
security monitor is configured to monitor a plurality of message types selected from
MTP, SCCP, ISUP, TCAP, and AIN type messages.

16. The communications network according to claim 12 wherein said signaling system
security monitor is configured to monitor calling and called party address parameters
contained in SCCP message portions of said control data messages.

17. The communications network according to claim 16 wherein said signaling system
security monitor is configured to determine if said monitored calling and called party
address parameters are consistent with an authorized signaling relationship.



18. The communications network according to claim 12 wherein said signaling system
security monitor is configured to monitor origination and destination point codes and
calling and called party address parameters contained in the header of a TCAP message
of said control data messages.

19. The communications network according to claim 12 wherein said signaling system
security monitor is configured to monitor the originating and destination point code
parameters contained in the MTP message portion, as well as the calling and called party
address parameters found in the SCCP message portion of said control data messages and
determine if a particular originating application is authorized to send a particular TCAP
message to a particular destination application.

20. The communications network according to claim 1 wherein said signaling system
security monitor includes a memory storing a state of said communications network.

21. The communication network according to claim 1 wherein said signaling system
security monitor includes a memory storing permissible states of said communications
network and said templates include data indicating allowable next one(s) of said states.



22. The communications network according to claim 1 wherein said signaling system
security monitor includes a memory storing data relating call progress status with
respective sets of control messages appropriate to initiate a next action consistent with
a particular service.

23. The communications network according to claim 1 wherein said signaling system
security monitor includes a memory storing data relating a transaction state with
respective sets of control messages appropriate to initiate a next action consistent with
a particular service.

24. The communications network according to claim 1 wherein said signaling system
security monitor comprises a certification agent configured to exchange and maintain
encryption key certificates.

25. The communications network according to claim 1 wherein said signaling system
security monitor is configured to issue and decrypt digital time stamps.

26. A method of securely interfacing control links of respective communication
networks, comprising the steps of:

storing a plurality of control message templates;

exchanging control data messages between a remote communication network and
a local signaling communication system;

selecting ones of said control message templates in response to respective ones
of said control messages;

determining, using said templates, if said control data messages are proper;

selectively communicating, in response to said determining step, control data
messages between central office switching systems;

selectively routing messages from an incoming link to an outgoing link in
response to said control data messages; and

selectively generating control messages to help restore system integrity in cases
where control messages are disallowed.

27. The method according to claim 26 wherein said plurality of control message 
templates are associated with a plurality of service providers. 

28. The method according to claim 26 further comprising steps of: 

associating each of said control data messages with a corresponding one of said service 
providers; and 

selecting one of said message templates in response to the corresponding one of said 
service providers. 

29. The method according to claim 26 wherein each of said templates corresponds to an 
appropriate one of (i) call progress flow and (ii) transaction processing protocol. 
30. The method according to claim 26 wherein said templates define message formats,
parameters and values associated with control message types selected from MTP, SCCP, 
ISUP, TCAP and AIN type messages. 

31. The method according to claim 26 further comprising a step of selecting said sets of
templates in response to service provider authorization data associated with respective 
ones of said control data messages. 

32. The method according to claim 26 further including a step of selectively enabling 
and inhibiting a signaling gateway from exchanging said control data messages between 
said remote communication network and said signaling communication system. 
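
The following Python example is added here for illustration and is not part of the patent text. It shows one way a monitor of the kind recited in claims 3, 13, 17 and 21 could screen already-decoded messages: select templates by service provider, match the MTP routing label and message type, check the SCCP calling/called pair, and allow only the next message permitted by the stored call state. The class names, point codes, addresses and the reduced ISUP state table are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:                  # fields already decoded from one signaling message
    opc: str                # MTP3 originating point code
    dpc: str                # MTP3 destination point code
    si: str                 # service indicator, reduced here to "ISUP" or "SCCP"
    mtype: str              # message type, e.g. "IAM" or "TCAP-BEGIN"
    cic: int = 0            # ISUP circuit identification code
    calling: str = ""       # SCCP calling party address
    called: str = ""        # SCCP called party address

@dataclass(frozen=True)
class Template:             # one approved message pattern for a service provider
    si: str
    mtypes: frozenset
    dpcs: frozenset
    sccp_pairs: frozenset = frozenset()   # authorized (calling, called) pairs

# Allowable next message per call state: a constructed subset of ISUP call flow.
NEXT = {"IDLE": {"IAM": "SETUP"}, "SETUP": {"ACM": "ALERT", "REL": "RELEASING"},
        "ALERT": {"ANM": "ANSWERED", "REL": "RELEASING"},
        "ANSWERED": {"REL": "RELEASING"}, "RELEASING": {"RLC": "IDLE"}}

class Monitor:
    def __init__(self, providers, templates):
        # providers: OPC -> provider name; templates: provider -> [Template]
        self.providers, self.templates, self.calls = providers, templates, {}

    def check(self, m):
        provider = self.providers.get(m.opc)
        if provider is None:
            return "DENY: unknown originating point code"
        t = next((t for t in self.templates.get(provider, ())
                  if t.si == m.si and m.mtype in t.mtypes and m.dpc in t.dpcs), None)
        if t is None:
            return "DENY: no approved template"
        if m.si == "SCCP":            # authorized signaling relationship check
            ok = (m.calling, m.called) in t.sccp_pairs
            return "ALLOW" if ok else "DENY: unauthorized signaling relationship"
        key = (frozenset((m.opc, m.dpc)), m.cic)   # same call in both directions
        state = self.calls.get(key, "IDLE")
        nxt = NEXT[state].get(m.mtype)
        if nxt is None:
            return f"DENY: {m.mtype} not allowed in state {state}"
        self.calls[key] = nxt         # advance state only on an allowed message
        return "ALLOW"

def sample_monitor():       # constructed policy; codes and addresses are placeholders
    isup = Template("ISUP", frozenset({"IAM", "ACM", "ANM", "REL", "RLC"}),
                    frozenset({"1-1-1"}))
    tcap = Template("SCCP", frozenset({"TCAP-BEGIN"}), frozenset({"1-1-2"}),
                    frozenset({("GT-A", "GT-DB")}))
    return Monitor({"9-9-9": "carrier-x"}, {"carrier-x": [isup, tcap]})
```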